
Active myplaycity toolbar

Discussion in 'Malware and Virus Removal Archive' started by greg4545, 2009/11/11.

  1. 2009/11/11
    greg4545

    [Active] myplaycity toolbar

    My mother-in-law downloaded myplaycity toolbar to my wife's machine. I can't find a lot of information on this, but from what I can find, it seems like it is considered malware. I'd like to get it off of the machine.

    Steps attempted so far:
    1. Remove via Control Panel -> Add/Remove Programs. Result: Error message = "Could not open INSTALL.LOG file."
    2. Full system scan with Norton Internet Security 2009. Result: No malware found.

    Thanks for any help you can give.

    ------------

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Judi at 21:24:14.37 on Wed 11/11/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2316 [GMT -6:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Judi\mail\Eudora.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Judi\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
    uURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\judi\word\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe
    IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\judi\applic~1\mozilla\firefox\profiles\f0ip42z8.default user\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\judi\application data\mozilla\firefox\profiles\f0ip42z8.default user\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-10 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-10 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-10 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091107.001\IDSXpx86.sys [2009-11-11 329592]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-10 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
    R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2008-11-20 175104]
    S2 gupdate1c9c5ce193e4ffe;Google Update Service (gupdate1c9c5ce193e4ffe);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

    =============== Created Last 30 ================

    2009-11-06 01:59:36 0 d-----w- c:\program files\MyPlayCity
    2009-11-06 01:59:36 0 d-----w- c:\program files\Conduit
    2009-11-06 01:59:32 0 d-----w- c:\program files\MyPlayCity.com
    2009-10-20 20:54:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Wrinkle-free Games

    ==================== Find3M ====================

    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 15:48:12 67450 ----a-w- c:\windows\fonts\fg_jayne_print.zip
    2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-08-29 02:33:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-08-29 02:33:29 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-08-29 02:33:29 12067 ----atw- c:\windows\system32\SIntf16.dll
    2009-08-29 02:31:51 33348 ----a-w- c:\windows\DIIUnin.dat
    2009-08-29 02:19:27 94208 ----a-w- c:\windows\DIIUnin.exe
    2009-08-29 02:19:27 2829 ----a-w- c:\windows\DIIUnin.pif
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-19 02:42:51 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    ============= FINISH: 21:24:25.07 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2008 8:42:10 PM
    System Uptime: 11/9/2009 10:20:17 PM (47 hours ago)

    Motherboard: FOXCONN | | A7DA-S/A7DA
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket 940 | 3000/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 415.092 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_0E14105B&REV_3A\3&267A616A&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_0E14105B&REV_3A\3&267A616A&0&A0
    Service:

    ==== System Restore Points ===================

    RP234: 8/16/2009 9:56:41 PM - Software Distribution Service 3.0
    RP235: 8/18/2009 1:03:14 AM - System Checkpoint
    RP236: 8/19/2009 1:54:07 AM - System Checkpoint
    RP237: 8/25/2009 2:05:20 PM - System Checkpoint
    RP238: 8/26/2009 10:29:46 PM - System Checkpoint
    RP239: 8/28/2009 11:17:17 PM - System Checkpoint
    RP240: 8/29/2009 11:34:08 PM - System Checkpoint
    RP241: 8/31/2009 12:31:33 AM - System Checkpoint
    RP242: 9/1/2009 1:19:40 AM - System Checkpoint
    RP243: 9/1/2009 9:57:32 AM - Removed The Sims 3
    RP244: 9/1/2009 9:58:43 AM - Software Distribution Service 3.0
    RP245: 9/2/2009 5:38:58 PM - System Checkpoint
    RP246: 9/3/2009 10:07:54 PM - System Checkpoint
    RP247: 9/4/2009 10:58:41 PM - System Checkpoint
    RP248: 9/5/2009 11:13:00 PM - System Checkpoint
    RP249: 9/6/2009 11:57:57 PM - System Checkpoint
    RP250: 9/8/2009 2:23:42 PM - System Checkpoint
    RP251: 9/9/2009 2:31:51 PM - System Checkpoint
    RP252: 9/10/2009 2:49:00 PM - Software Distribution Service 3.0
    RP253: 9/11/2009 4:14:52 PM - System Checkpoint
    RP254: 9/12/2009 4:35:03 PM - System Checkpoint
    RP255: 9/13/2009 5:48:03 PM - System Checkpoint
    RP256: 9/14/2009 6:49:33 PM - System Checkpoint
    RP257: 9/15/2009 7:35:03 PM - System Checkpoint
    RP258: 9/16/2009 8:35:03 PM - System Checkpoint
    RP259: 9/17/2009 9:35:01 PM - System Checkpoint
    RP260: 9/18/2009 10:44:43 PM - System Checkpoint
    RP261: 9/19/2009 11:35:01 PM - System Checkpoint
    RP262: 9/21/2009 12:35:02 AM - System Checkpoint
    RP263: 9/22/2009 1:35:02 AM - System Checkpoint
    RP264: 9/23/2009 1:55:01 AM - System Checkpoint
    RP265: 9/24/2009 11:36:58 PM - System Checkpoint
    RP266: 9/26/2009 12:02:05 AM - System Checkpoint
    RP267: 9/27/2009 12:35:02 AM - System Checkpoint
    RP268: 9/28/2009 1:35:01 AM - System Checkpoint
    RP269: 9/29/2009 2:35:02 AM - System Checkpoint
    RP270: 9/30/2009 4:07:04 PM - System Checkpoint
    RP271: 10/1/2009 8:27:38 PM - System Checkpoint
    RP272: 10/2/2009 10:14:15 PM - System Checkpoint
    RP273: 10/3/2009 10:23:18 PM - System Checkpoint
    RP274: 10/4/2009 10:26:22 PM - System Checkpoint
    RP275: 10/5/2009 11:26:22 PM - System Checkpoint
    RP276: 10/7/2009 12:11:27 AM - System Checkpoint
    RP277: 10/8/2009 12:26:22 AM - System Checkpoint
    RP278: 10/9/2009 12:27:01 AM - System Checkpoint
    RP279: 10/10/2009 1:23:45 AM - System Checkpoint
    RP280: 10/11/2009 2:23:45 AM - System Checkpoint
    RP281: 10/12/2009 10:12:16 AM - System Checkpoint
    RP282: 10/13/2009 11:21:02 AM - System Checkpoint
    RP283: 10/14/2009 2:35:00 PM - System Checkpoint
    RP284: 10/15/2009 9:14:27 PM - System Checkpoint
    RP285: 10/17/2009 10:56:25 AM - System Checkpoint
    RP286: 10/18/2009 10:56:45 AM - System Checkpoint
    RP287: 10/19/2009 10:57:51 AM - System Checkpoint
    RP288: 10/20/2009 11:55:37 AM - System Checkpoint
    RP289: 10/21/2009 9:21:39 PM - System Checkpoint
    RP290: 10/22/2009 9:56:23 AM - Installed Java(TM) 6 Update 15
    RP291: 10/23/2009 11:04:10 PM - System Checkpoint
    RP292: 10/24/2009 11:54:29 PM - System Checkpoint
    RP293: 10/26/2009 3:44:58 PM - System Checkpoint
    RP294: 10/27/2009 5:17:07 PM - System Checkpoint
    RP295: 10/28/2009 11:57:27 PM - System Checkpoint
    RP296: 10/30/2009 2:24:16 AM - System Checkpoint
    RP297: 10/31/2009 2:54:25 AM - System Checkpoint
    RP298: 11/1/2009 4:16:46 PM - System Checkpoint
    RP299: 11/2/2009 5:05:19 PM - System Checkpoint
    RP300: 11/3/2009 5:21:10 PM - System Checkpoint
    RP301: 11/5/2009 12:09:29 AM - System Checkpoint
    RP302: 11/6/2009 12:53:19 AM - System Checkpoint
    RP303: 11/7/2009 1:53:19 AM - System Checkpoint
    RP304: 11/8/2009 1:53:18 AM - System Checkpoint
    RP305: 11/9/2009 2:53:17 AM - System Checkpoint
    RP306: 11/9/2009 10:15:14 PM - Software Distribution Service 3.0
    RP307: 11/10/2009 10:24:37 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Apple Software Update
    Aquapolis
    ATI - Software Uninstall Utility
    ATI Display Driver
    Big Kahuna Reef 2 - Chain Reaction
    Broadcom Gigabit Integrated Controller
    Broadcom Gigabit NetLink Controller
    Brother P-touch Editor 5.0
    BufferChm
    Build-a-lot - Town of the Year
    Build-a-lot 3 - Passport to Europe
    Build-a-lot 4 - Power Source
    Canon Camera Access Library
    Canon Camera Support Core Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CanoScan LiDE 600F
    Create A Mall
    Crystal Path
    Destinations
    DeviceManagementQFolder
    Diablo II
    dj_taplugin
    dj6980
    eSupportQFolder
    Flickr Uploadr 3.2.1
    Free Mahjong Planet
    Google Earth
    Google Update Helper
    Google Updater
    Hotel Mogul
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Deskjet 6900 series
    HP Imaging Device Functions 6.0
    HP Photosmart Essential
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.0
    hpf_ProductContext
    HPProductAssistant
    Jane's Realty
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 15
    LP6980_Help
    LP6980Trb
    Magic Inlay
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Home Publishing 2000
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Word 2000
    Microsoft Works 2000
    Microsoft Works 2000 Setup Launcher
    Microsoft WSE 3.0 Runtime
    MONOPOLY(TM) Build-A-lot(TM) Edition
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB954430)
    MyPlayCity Toolbar
    Netflix Movie Viewer
    Norton Internet Security
    Pandora
    Paradise Beach
    Picket Fences
    Plan It Green©
    Puzzle Inlay
    QuickTime
    Readme
    RealArcade
    Realtek High Definition Audio Driver
    Rebound Lost Worlds
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    SKIP-BO Castaway Caper(TM)
    SolutionCenter
    Status
    The Core Media Player 4.0
    TrayApp
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Ventrilo Client
    VLC media player 1.0.0
    Web Games Player Plugin
    WebFldrs XP
    WebReg
    Winamp
    Winamp Toolbar
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Word in Works Suite add-in

    ==== Event Viewer Messages From Past Week ========

    11/9/2009 10:21:13 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  2. 2009/11/11
    Geri Lifetime Subscription

    Hi greg4545
    Welcome to WindowsBBS

    Please do the following.

    Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs (Windows Vista it’s Programs and Features) and remove the following (if present):


    MyPlayCity Toolbar

    Reboot your computer.


    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan only button.


    Check the boxes next to all the entries listed below.

    R1 - HKLM\Software\Microsoft\Internet Explorer: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll

    03 MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    c:\program files\myplaycity

    Reboot your computer.

    Open HJT again and do a system scan and save a log file.
    Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    Then click on "Edit" > "Copy".
    Come back here to this thread and Paste the log in your next reply.

    Thanks
    Geri
     
    Geri,
    #2


  4. 2009/11/14
    greg4545

    Hi Geri, thanks for the help.

    Safe mode > Add/Remove Programs produced the same result as before. (Error message = "Could not open INSTALL.LOG file.")

    HJT: Did not find the exact log entries you described, but did find 2 for myplaycity and I fixed those.

    Log after fixing and reboot:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:23:55 PM, on 11/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Judi\word\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Update Service (gupdate1c9c5ce193e4ffe) (gupdate1c9c5ce193e4ffe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6477 bytes
     
  5. 2009/11/16
    Geri Lifetime Subscription

    Hi
    OK that tool bar is not showing any longer.
    The entry may still show in Add/Remove list, but it should be gone from the system.

    Please do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1392740
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot the computer and post a new HJT log.

    Any other Problems?

    Geri
     
    Geri,
    #4
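
Added example (not from the thread, and not part of HijackThis): a small Python checker that parses HijackThis v2 entry lines and flags any that still reference the toolbar by name, by its search provider, or by its CLSID, rather than by exact line text. Run over an excerpt of the post-cleanup log above, it leaves only the search.conduit.com start page. The function names and the watchlist are assumptions; the BEFORE_LOG lines are constructed from the DDS entries in the first post.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Markers taken from the thread: toolbar name, its search provider, toolbar CLSID.
WATCHLIST = ("myplaycity", "conduit", "{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}")

# HijackThis entry lines start with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code, e.g. "R0" or "O3"
    body: str             # everything after the code
    clsid: Optional[str]  # first CLSID in the entry, if any
    target: str           # URL, file path or command the entry points at


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        if " = " in body:        # registry value entries: key,value = data
            target = body.split(" = ", 1)[1]
        elif " - " in body:      # BHO/toolbar/service entries: name - {CLSID} - path
            target = body.rsplit(" - ", 1)[1]
        else:                    # e.g. O4 Run entries: [name] command
            target = body
        entries.append(Entry(m.group("code"), body,
                             clsid.group(0) if clsid else None, target.strip()))
    return entries


def find_leftovers(entries: List[Entry],
                   watchlist: Tuple[str, ...] = WATCHLIST) -> List[Tuple[Entry, Tuple[str, ...]]]:
    """Return (entry, matched markers) for every entry mentioning a watchlist marker."""
    hits = []
    for entry in entries:
        haystack = entry.body.lower()
        matched = tuple(m for m in watchlist if m.lower() in haystack)
        if matched:
            hits.append((entry, matched))
    return hits


# Constructed sample: the toolbar's DDS entries from the first post, rewritten
# in HijackThis line format.
BEFORE_LOG = r"""
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
"""

# Excerpt of the HijackThis log posted in the thread after the fix and reboot.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\RTHDCPL.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for entry, markers in find_leftovers(parse_log(log)):
            print(f"{label}: {entry.code} -> {entry.target} (matched: {', '.join(markers)})")
```
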
